I'm planning to develop a web app where user can upload videos. I have done that with Youtube APIs, but the problem is upload is working only with my credentials because of my client ID. Is there any way to upload videos without my credentials?
You can do this with service accounts, which are robot accounts that identify machines rather than users. First, create a service account and key in Google Developers Console. Then, add the service account's email address as a manager of the YouTube channel. Finally, you can make the API call using the service account's private key. See this page for a code example.
Related
Is it possible to generate a Youtube API key having admin access to the Youtube account? or is this function only possible for account owners?
Anyone can create a project on Google cloud console You do not need to be an admin on anything to create an api key.
You should understand though that Api keys are used to access public data via the YouTube api. This has nothing to do with a specific YouTube account. It will just let you access the public methods like Video.Search
All methods that require authorization For example members.list show in their documentation page that they require authorization.
The only authorization method allowed for the YouTube api is Oauth2. Someone with access to the channel will need to authorize your application and grant consent that your application access their YouTube channel on their behalf.
The documentation here does not state you can do it having admin access to the YouTube account only. But instead you need access to the actual Google Account linked to the Youtube Channel in question.
If you do have a Google Workspace subscription and the owner of the channel is one of your managed accounts, then you can access the GCP console and proceed with steps in the documentation to generate the key.
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
Application1 -> Microservice1 (deployed on one server, also db is separate)
Application2 -> Microservice2 (deployed on other server, also db is separate)
NOTE : For Microservice1 and Microservice2 we are use same Google API credentials.
We have a one application in that we are providing user to edit it's word, ppt, excel files with Online editor.
So, we have configure Microservice which used GSuite API for user to edit there file with google online word editor.
Now, we have a scenario like when one user open file from Application1 then our application will redirect user to google login screen and once user enter it's credentials then google will check whether third-party application already registered with login user account or not, and if not then google will give consent screen to register third-party app with current user.
Once user allow third-party app then google will redirect user to our Microservice1
once callback came to our Microservice then we will store user's refresh-token to our db and user can able to edit document online.
Now, user open file from Application2 and it will redirect user to google login screen and once user enter it's same credentials which he used in above then google will check whether third-party application already registered with login user account or not, this time google found that third-party application already registered with them, and google will redirect user to Microservice2, but this time google doesn't give refresh-token and in our db also refresh-token entry not there, so we will not able to open the file in online editor.
So, is there any way to handle these kind of scenario with only single Google API Credential?
Or we need separate account which give us different Google API Credentials?
Like :
Microservice1 (One Google Account with Google API Credential)
Microservice2 (Another Google Account with Google API Credential)
Any kind of help appreciated.
Thanks in advance...
you need to create a service account, possibly with G Suite Domain-Wide Delegation of Authority.
I am trying to use google api for getting new emails from gmail account. However reading the docs I found that there are two types to access api the first one without authorization (with json credential) and second one one is Service Account (with p12 certificate and secretkey)
Can not understand what the difference between this access? What exactly should I use?
Thanks
Oauth2 is the first type you are looking at. With Oauth2 a consent screen is displayed to the user who must approve your access. Usage you want to access a users Gmail account, you want to access a users google calendar, you want to access a users google drive.
With a service account access is pre-authorized by taking the service account email address and adding it as a user for data in question. Usage: You want to allow other users to upload files to your google drive account, you would add the service account email address to a folder on google drive then the service account will be able to upload to that folder with out having to prompt any user for permissions.
Use Oauth2 when you want to access a users account, use a service account when you want to access an account controlled by you the developer.
If you want to access a users Gmail account you need to use Oauth2 you cant grant another user access to your Gmail so there is no way to give a service account access to it.
I want to develop an application that uses the Picasa Google API for uploading images to my own account. I've already created the Service Account from the API Console and have created the code to upload the image (which works correctly given a valid access_token obtained from the OAuth2 playground).
However, when trying to obtain an access_token with the Google-api php library, this one doesn't seem to be associated to my own username (obviously, no consent screen), which throws me a 404 Not found error message when trying to access data from my personal account.
From what I've read over at https://developers.google.com/api-client-library/php/auth/service-accounts I could create an apps account to setup permissions for a whole domain. Is this, however, necessary given that I only want to access information from my own account? (the same I used to register the application in the API console). Couldn't this be done beforehand using API panel?
A service account is not you and does not by default have access to any data. Think of a service account as a dummy user. If you take the service account email address and add it as a user on a folder in your google drive it will have access to that folder on google drive. If you take the service account email address and give it access to one of your calendars on Google Calendar it will have access to the calendar.
If you set the album public I suspect it will then have access to the album. I did some Googleing and I cant see how you can add another users email address to an album on picasa.
I suggest you try using Oauth2.